none
Group Policy-Group Policy Preferences RRS feed

  • Question

  • Is there way to block inheritance for a certain GPO only? I have a computers OU that contains sub OUs. I have multiple GPOs that are inherited. I would like to block inheritance of one of a single GPO to one of the sub computer OUs.
    Wednesday, March 16, 2011 2:26 PM

Answers

  • You cannot block inheritance for ONE GPO IF you have multiple GPO applied at the upper levels.

    When the block inheritance is applied at OU level, no other GPO from the upper levels will apply (unless they are enforced), only the GPO linked directly to the OU will be applied to the computers/users from the specific OU.

    • Marked as answer by Bruce-Liu Tuesday, March 29, 2011 5:38 AM
    Wednesday, March 16, 2011 3:30 PM
  • Item Level Targeting in Group Policy Preferences has the option to specify selective OU's that the setting will be applied. See http://technet.microsoft.com/en-us/library/cc770424.aspx There is also an option to only apply it to direct members so you can be selective as to what OU's you do not what the GPP setting to be applied.

    Hope this helps

     


    Alan Burchill (MVP)
    http://www.grouppolicy.biz
    Follow me on twitter @alanburchill
    • Proposed as answer by Alan Burchill Wednesday, March 16, 2011 9:30 PM
    • Marked as answer by Bruce-Liu Tuesday, March 29, 2011 5:38 AM
    Wednesday, March 16, 2011 9:30 PM

All replies

  • To block group policy inheritance, refer to this Microsoft article named "Managing inheritance of group policy".

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

    Wednesday, March 16, 2011 2:32 PM
  • You cannot block inheritance for ONE GPO IF you have multiple GPO applied at the upper levels.

    When the block inheritance is applied at OU level, no other GPO from the upper levels will apply (unless they are enforced), only the GPO linked directly to the OU will be applied to the computers/users from the specific OU.

    • Marked as answer by Bruce-Liu Tuesday, March 29, 2011 5:38 AM
    Wednesday, March 16, 2011 3:30 PM
  • Item Level Targeting in Group Policy Preferences has the option to specify selective OU's that the setting will be applied. See http://technet.microsoft.com/en-us/library/cc770424.aspx There is also an option to only apply it to direct members so you can be selective as to what OU's you do not what the GPP setting to be applied.

    Hope this helps

     


    Alan Burchill (MVP)
    http://www.grouppolicy.biz
    Follow me on twitter @alanburchill
    • Proposed as answer by Alan Burchill Wednesday, March 16, 2011 9:30 PM
    • Marked as answer by Bruce-Liu Tuesday, March 29, 2011 5:38 AM
    Wednesday, March 16, 2011 9:30 PM